Who is responsible for cloud security anyway?

By Rogers Jennifer
June 14, 2021
The question of whether or not migrating to the cloud is good for security has been widely answered with a resounding ‘yes’, which is why organizations are increasingly relying on cloud-based technology and services for their business operations.

A more nuanced conversation, however, revolves around the question of who ultimately bears the responsibility for cloud security.

The answer to this question is complicated by the fact that the cloud supply chain includes not only the customer and the cloud service provider, but potentially a variety of third parties in the form of infrastructure service providers, systems integrators and other partners.

To determine where the responsibility for security lies, it is imperative that companies look at the risks and weaknesses in their extended cloud supply chain, and then develop an accountability matrix to mitigate those risks.

Adopting this best practice approach to security, governance and compliance is increasingly the only way for organizations that deal with sensitive and confidential data – from law firms to financial services and other businesses that engage in knowledge work – to ensure their information is protected at the highest levels.

Roles and responsibilities

The first step is to determine which part of “cloud security” the service provider is responsible for and which parts the consumer of those services is responsible for dealing with.

Typically, the customer – the consumer of the cloud service – is responsible for determining which end users are allowed to access the service, and they typically achieve this through identity and access management solutions.

Meanwhile, the actual physical infrastructure on which the data is hosted is the provider’s responsibility: not just the servers themselves, but the security controls around access to these physical devices. For example, is anyone allowed to walk around the data center, or is access carefully controlled and limited to a highly controlled list? This part of the matrix is squarely in the hands of the provider.

Given the large share of responsibility that falls on the provider, customers will want to ensure that the cloud service provider uses not only a zero-trust model, but a zero-touch model.

The zero-trust framework challenges the idea of trust in any form, be it the trust of networks, trust between host and applications, or even the trust of super users or administrators. This framework only works well, however, if zero touch is at the heart of it, and human vulnerabilities have been largely removed through automation.

Working with service providers who have implemented a zero-touch model clarifies the key elements of the shared responsibility model, as it ensures that the provider has no technical means to access customer data. In other words, it provides the certainty that this part of the accountability matrix is as tight as possible.

Kicking the tires

As part of risk mitigation, customers are advised to kick the tires on not only the cloud service itself, but also the company they are going to partner with.

How mature are they as an organization? What is the maturity, in particular, of their security and compliance function? Do they have certifications demonstrating their adherence to globally recognized security and data protection frameworks, such as ISO 27001, ISO 22301 and SOC 2?

Another important question is whether they have outsourced various responsibilities for their cloud service to other third-party service providers – and whether you, as a customer, have good visibility into those arrangements.

After all, it is all well and good if the cloud provider you signed up with ticks all the right boxes when it comes to maturity level and certifications, but if it outsources key parts of the process to organizations that do not meet those criteria, that is a whole different story.

Beyond clarity on the extended supply chain, it’s also important that customers do their due diligence on the cloud provider as a whole. For example, are they running next-generation antivirus or intrusion detection? How do they protect their corporate endpoints?

These areas may have nothing to do with delivering their cloud offering, but they tell you a lot about the organization and its operations in general. Customers want to know that any information they share with the provider – a project proposal with details considered confidential, for example – is secure, not just the data that they will store in the cloud services that they will purchase from the provider.

No weak links

Ultimately, security in the cloud is a shared enterprise between an ecosystem of participants comprising the customer, the cloud provider, and the extended supply chain. Like any chain, this interconnected arrangement is only as strong as its weakest link – and a weakness or dereliction of duty in one area or by one party can compromise sensitive and privileged data.

By providing a clearly defined accountability matrix – and taking an in-depth look at the parties responsible for various aspects of the matrix – organizations can ensure a robust approach to shared responsibility for cloud security. By doing so, they can experience all the benefits of the cloud for their business operations, without any compromises.

Martin Ward is Director of Security, Governance and Compliance, I manage